[tor-bugs] #22962 [Core Tor/Tor]: Clarify the security severity of issues that make denial of service easier

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 30 21:21:57 UTC 2017


#22962: Clarify the security severity of issues that make denial of service easier
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:  nickm
     Type:  task          |         Status:  accepted
 Priority:  Medium        |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  docs policy   |  Actual Points:
Parent ID:  #22948        |         Points:
 Reviewer:                |        Sponsor:  SponsorV
--------------------------+------------------------------------

Comment (by nickm):

 > Are we worried that memory disclosure vulnerabilities will ever de-anonymise users?

 Well, when I think of memory disclosure, in the worst case I think of
 Heartbleed.  That could have de-anonymized users FWICT.

 > Remote crashes against clients aren't in our existing list, should they be high or critical?

 Hm. I would say "high".  What would others say?

 > The last sentence in the critical section should read "… any ability to regain root privileges would be critical-severity."

 Agreed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22962#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

